Best Technique of Using SpamCombat

In this article we share our experience of working with G-Lock SpamCombat to fight spam effectively.

Reminder: G-Lock SpamCombat is standalone spam filtering software that works independently of your email client. To keep your Inbox clean, run G-Lock SpamCombat BEFORE you receive your mail with your regular email client. After G-Lock SpamCombat removes spam emails from the server, open your email client and receive the good messages.

G-Lock SpamCombat permanently removes spam emails from the server and (optionally) stores them in the Deleted Items folder. If a good message was accidentally marked as spam and moved to trash, you can recover the email into your email client.

Working with G-Lock SpamCombat Filters

G-Lock SpamCombat is supplied with an arsenal of anti-spam filters that you can easily edit and update to adapt the program to your incoming email. Let's examine each filter and find the best way to set it up:

Complex Filters

A Complex Filter is a script (or scripts) that uses various functions, procedures, or operators to compare fields from the message header to a defined value and then classifies the email as spam or legitimate depending on the result.

Complex Filters are intended primarily for advanced users who are familiar with VBScript and JScript. If you're a novice in script writing, you can use the Complex filters supplied with G-Lock SpamCombat by default.

Whitelist

For convenience and to save time, you can 'whitelist' emails you receive from known senders: primarily newsletters you subscribed to, messages from newsgroups, forums, etc.

But we DO NOT recommend that you 'whitelist' the contact emails stored in an external address book, even though you know those people. Adding an entire address book to the whitelist is not as safe as it seems. Nowadays viruses are known to use the email addresses from various address books to forge messages and send themselves out. Here is an example. Let's say you receive 2 emails sent from a known email address [email protected] that is in your whitelist. One of these emails is good and the other is forged by a virus. The whitelist catches both emails and automatically marks them as good, although only one of them is actually legitimate. You then receive these two messages and guess what!… your computer is infected with a virus.

To avoid this situation, let the Bayesian filter handle the emails you receive from your friends, colleagues, co-workers, etc. Keep reading this article to the end and you'll know how to make G-Lock SpamCombat properly identify spam and legitimate emails without adding them to either the blacklist or the whitelist.

Blacklist

G-Lock SpamCombat is supplied with a solid blacklist. The blacklist filters allow you to:

  • catch all common types of spam emails that are flooding almost everybody's inbox;
  • catch 'short' spam messages, including virus emails, that the Bayesian filter cannot handle because they contain too few significant words.

If over time you find that any of the blacklist filters marks good emails as spam, you can de-activate that filter.

Of course, you can add your own filters/regular expressions to the blacklist. What we strongly advise AGAINST is blacklisting ALL the domains/email addresses from which you receive spam. Spam is not sent from real email addresses. Today you get a spam email from one domain and tomorrow you can receive the very same spam email from another domain. So, if you add all these domains/email addresses to the blacklist, your blacklist will keep growing. A huge blacklist will slow down the processing of emails.

Only emails that come with the 'unknown' email icon should be either whitelisted or blacklisted, as the Bayesian filter will not work on them because they contain too few significant words.

HTML Validator

HTML Validator parses the HTML part of an incoming email and checks the HTML tags for validity. If several dubious HTML tags are found, the message is considered spam.

Keep this filter ON, as it contributes its share to catching spam as well.

Bayesian Filter

The Bayesian Filter handles the messages that were not resolved by any other filter: Complex filter, Whitelist, Blacklist or HTML Validator filter.

Bayesian filtering is based on the principle that most events are dependent and that the probability of an event occurring in the future can be inferred from the occurrences of this event in the past. This same approach is used to identify spam. If some piece of text occurred mostly in spam emails but not in legitimate mail, then it would be reasonable to suppose that an email containing it is probably spam.

To effectively filter mail using the Bayesian technology, the user needs to generate a database of words collected from spam and legitimate mail. Then a probability value is assigned to each word; the probability is based on the calculations that take into account how often that word occurs in spam as opposed to legitimate mail.

After the legitimate and spam databases are created during an initial training period, the word probabilities can be calculated and the Bayesian filter is ready for use. When a new mail arrives, it is broken into words and the most significant words are singled out. From these words, the Bayesian filter calculates the probability of a new message being spam or not. If the probability is greater than a spam threshold, say 0.9, then the message is classified as spam.

It is important to note that the analysis of spam and legitimate mail is performed on the mail the particular user (organization, company, etc.) receives, and therefore the Bayesian filter is tailored to this particular person, company, or organization. For example, a financial institution might receive a lot of emails with the word "mortgage" and would get a lot of false positives if using an outdated antispam filter. The Bayesian filter analyzes the entire message containing the word "mortgage" and concludes whether this email is spam or legitimate based NOT only on the single keyword "mortgage". The Bayesian approach to filtering spam is highly effective: spam detection rates of over 99.7% can be achieved with a very low number of false positives!
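The calculation described above, as an added Python example that is not SpamCombat's own code. It assumes a Graham/Robinson-style word probability combined in log-odds form (the article does not say which formula the program uses); TOP_N, MIN_WORDS and the training mail are constructed for illustration.

```python
import math
import re
from collections import Counter

SPAM_THRESHOLD = 0.9  # threshold quoted in the article
TOP_N = 15            # assumption: number of "most significant" words used
MIN_WORDS = 3         # assumption: fewer significant words -> "unknown"

def tokenize(text):
    return set(re.findall(r"[a-z']{3,}", text.lower()))

class BayesFilter:
    def __init__(self):
        self.words = {True: Counter(), False: Counter()}  # is_spam -> word counts
        self.mails = {True: 0, False: 0}                  # is_spam -> mails trained

    def train(self, text, is_spam):
        self.words[is_spam].update(tokenize(text))
        self.mails[is_spam] += 1

    def word_prob(self, word):
        s, g = self.words[True][word], self.words[False][word]
        if s + g == 0:
            return None  # never seen in training: carries no evidence
        ps, pg = s / max(self.mails[True], 1), g / max(self.mails[False], 1)
        # Smooth toward 0.5 so a rarely seen word never yields exactly 0 or 1.
        return (0.5 + (s + g) * ps / (ps + pg)) / (1 + s + g)

    def classify(self, text):
        probs = [p for p in map(self.word_prob, tokenize(text)) if p and abs(p - 0.5) > 0.1]
        probs = sorted(probs, key=lambda p: abs(p - 0.5), reverse=True)[:TOP_N]
        if len(probs) < MIN_WORDS:
            return "unknown", None  # too few significant words to judge
        score = 1 / (1 + math.exp(-sum(math.log(p / (1 - p)) for p in probs)))
        return ("spam" if score > SPAM_THRESHOLD else "good"), score

# Constructed training mail for a lender: "mortgage" is mostly legitimate here.
GOOD = ["your mortgage application has been approved please review the attached schedule",
        "meeting moved to friday to discuss the mortgage portfolio report",
        "quarterly mortgage rates report attached for review"]
SPAM = ["lowest mortgage rates guaranteed click here now free offer",
        "free pills click here now limited offer",
        "you won a free prize click here to claim now"]

def build_filter():
    f = BayesFilter()
    for is_spam, corpus in ((False, GOOD), (True, SPAM)):
        for text in corpus:
            f.train(text, is_spam)
    return f
```

With this training set, build_filter().classify(...) rates a message by all of its significant words, so "mortgage" on its own decides nothing, and a message with fewer than MIN_WORDS significant words comes back as "unknown".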

How to Train the Bayesian Filter

During the initial training period the Bayesian filter adapts to your incoming mail and helps identify uncommon spam emails (emails that you personally consider spam) that were not caught by the blacklist filters. Similarly, during training the Bayesian filter builds a database of legitimate words, which then allows the messages you receive from your friends, colleagues, etc. to be correctly classified as good.

When all the emails are retrieved from the server, preview the messages that were processed by the Bayesian filter and check whether they were correctly categorized as spam or good. If not, re-classify them yourself. To do this, use the Mark Message as Spam and Mark Message as Clean buttons in G-Lock SpamCombat. The filter learns from its mistakes, and the next time the emails will be marked properly. Also categorize the 'unknown' emails, marked by a yellow exclamation sign, yourself. The Bayesian filter learns from these emails as well. The more you train the Bayesian filter, the more accurate it becomes.

It is important to remember that the training affects only the Bayesian filter. If an email was wrongly classified as spam or good by any other filter such as Complex, Blacklist, Whitelist, or HTML Validator, re-classifying that email makes no sense. In this case, just edit or de-activate the appropriate filter.

DNSBL Filter

The DNSBL filter compares the sender's IP address against public blacklists. If the IP address is listed in a spam database, the email is flagged as spam.

G-Lock SpamCombat is provided with a list of spam databases. You can also update the SpamCombat DNSBL database yourself. See the list of active spam databases here.

Inactive blacklists can be disabled or removed from the SpamCombat database.
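How such a lookup works, as an added Python example (not SpamCombat's code): the sender's address is reversed and queried under the list's zone, and each list is first checked with the RFC 5782 test entries so that an inactive list is skipped. The zone names and the fake_resolve resolver are constructed placeholders so the example runs offline.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNS name to look up: reversed address labels + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))          # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone

def system_resolve(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone, resolve=system_resolve):
    answer = resolve(dnsbl_name(ip, zone))
    # A listing is an A record in 127.0.0.0/8; any other answer (for example
    # a parked domain's address) is not a valid listing.
    return answer is not None and answer.startswith("127.")

def zone_is_active(zone, resolve=system_resolve):
    """RFC 5782 self-test: 127.0.0.2 must be listed and 127.0.0.1 must not."""
    return is_listed("127.0.0.2", zone, resolve) and not is_listed("127.0.0.1", zone, resolve)

def check_sender(ip, zones, resolve=system_resolve):
    """Return the active zones that list ip; inactive zones are skipped."""
    return [z for z in zones if zone_is_active(z, resolve) and is_listed(ip, z, resolve)]

# Constructed stand-in for DNS; all names below are placeholders.
FAKE_DNS = {
    "2.0.0.127.live.dnsbl.example": "127.0.0.2",    # mandatory test entry
    "7.113.0.203.live.dnsbl.example": "127.0.0.2",  # 203.0.113.7 is listed
}

def fake_resolve(name):
    if name.endswith(".dead.dnsbl.example"):
        return "127.0.0.2"  # defunct list that answers "listed" for everything
    return FAKE_DNS.get(name)
```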

If you have used G-Lock SpamCombat for some time and had a chance to tweak it so that it doesn't give false negative and/or false positive results, you can switch on auto-deletion of spam emails. Nevertheless, it is worth looking through the deleted items from time to time to be sure that no good email was trashed. If this happens, G-Lock SpamCombat lets you recover the emails from the trash.